Home > Articles > Certification > Other IT

  • Print
  • + Share This
This chapter is from the book

This chapter is from the book

Exam Prep Answers

Objective 3.1: Devices

  1. Answers A, B, and D are correct. Firewalls, routers, and switches will help you protect critical resources and separate your LAN.

  2. Answer B is correct. A firewall is best suited to protect resources and subnet your LAN directly on the network or gateway server.

  3. Answer B is correct. Stateful firewalls may filter connection-oriented packets such as TCP.

  4. Answer A is correct. The static router offers a stable table that you, as the network administrator, generate.

  5. Answer B is correct. A switch will meet your goals for this situation.

  6. Answers A and B are correct. The term modem stands for modulator and demodulator. Modems use telephone lines. DSL and cable modems are faster than 56Kbps.

  7. Answer C is correct. A VPN provides for a private communication between two sites that also permits encryption and authorization.

  8. Answer C is correct. Data Encryption Standard (DES) performs fast data encryption and may be used with VPNs.

  9. Answer A is correct. IDS stands for intrusion detection system.

Objective 3.2: Media

  1. Answers A, C, and D are correct. Twisted pair, fiber optic, and coaxial are types of network cabling. Token ring is a type of physical topology.

  2. Answer C is correct. Of the choices listed for coax cabling, long distance is the best answer.

  3. Answer C is correct. CAT 5 twisted-pair cabling is the media standard for most local network installations.

  4. Answer A is correct. Fiber is the best choice in this situation.

  5. Answers A and C are correct. Zip disks and floppy disks are magnetic storage media.

Objective 3.3: Security Topologies

  1. Answer C is correct. There are three accepted ranges for port numbers: the well-known ports; the registered ports, which are registered by the Internet Assigned Numbers Authority (IANA); and the dynamic (private) ports.

  2. Answers A, B, C, and D are correct. All of the items listed are examples of security zones.

  3. Answers A, C, and D are correct. You should place your Web servers, FTP servers, and email servers within the DMZ. Web servers, FTP servers, and email servers are typically hosted within the DMZ.

  4. Answer B is correct. A VLAN will improve connectivity in this situation.

  5. Answers A and C are correct. With tunneling, private network data, which is encapsulated or encrypted, is transmitted over a public network.

Objective 3.4: Intrusion Detection

  1. Answer B is correct. This is an example of a false-positive result.

  2. Answer A is correct. The network-based IDS monitors network traffic in real time.

  3. Answer D is correct. A host-based IDS can review computer system and event logs to detect a successful attack on a client computer.

  4. Answer D is correct. A honeypot is a computer configured as a sacrificial lamb so that administrators are aware when malicious attacks are in progress.

  5. Answer B is correct. An incident response is a written plan that indicates who will monitor these tools and how users should react after a malicious attack occurs.

Objective 3.5: Security Baselines

  1. Answer A is correct. Security baselines relate to the fundamental principal of implementing security measures on computer equipment to ensure that minimum standards are being met.

  2. Answers B and D are correct. To harden your NOS, check the manufacturer's Web site for any additional service patches for the NOS and disable any unused services.

  3. Answer D is correct. NetBEUI should be denied passage over your firewall for security reasons.

  4. Answer C is correct. Of the items listed, configuring network applications with the most recent updates and service packs relates best to application hardening.

  5. Answers A, C, and D are correct. Large data repositories may include storage area network (SAN), network attached storage (NAS), and directory enabled networks (DEN).

  6. Answer B is correct. SQL has this default security vulnerability because the sa account is established with a blank password.

  • + Share This
  • 🔖 Save To Your Account